
Preface

It seems that architecture emerges only after the fact, when building has already proliferated. Hence it is natural that my interest in network architecture manifested itself only after a career as a software engineer and research team leader building networking systems. It is also undeniable that the economic challenges of our times have affected my interest towards consideration of the evolution of network systems from the viewpoint of the network owners. In retrospect, it seems only to be expected that the incentives of network investors should play a role in the development of the network architecture.

Looking back on my professional journey, I am deeply indebted to the many interesting persons who have guided me and enabled my studies, both before my working career and after my graduation from Helsinki University of Technology in
Apologies to anyone whom I fail to mention below.

First, I must extend my humblest gratitude to the researchers on whose shoulders I have mainly built my studies. David Clark's writings on Internet architecture have stayed with me a long time. The inter-domain aspect of my work is built on earlier work by Professor Lixin Gao. Much of the modern networking research on which my work builds has been led by Professor Scott Shenker.

I wish to thank Professor Heikki Saikkonen, who kindled my interest in distributed systems during my Master's studies. Heikki, you still have not returned the lecture notes I lent to you after your course. I must also thank my fellows Tomi Ollila, Pekka Pessi, and Markus Peuhkuri, with whom I engaged in a networking software project, during which we delved deep into the BSD TCP/IP networking stack and started a small software company.

Then I must thank Professor Heikki Hämmäinen, who hired me for an internship in his research team at the Nokia Research Center some twenty years ago. Thanks to Jaakko Teinilä, my first roommate at NRC. Thanks to Asko Komsi, who led the ROME project on which I started and about which I wrote my Master's Thesis. Soon after my graduation Heikki also invited me to serve as Nokia's representative in the TINA Consortium, Red Bank, New Jersey. Thanks to Frank Steegmans, my officemate at Bellcore, and to the other TINA colleagues, with whom I started my literary career as a published network scientist.

Thanks to Raj Bansal, my superior at NRC Boston. Raj became my role model of a team leader who fully trusted his team and never lapsed into micromanaging, and who gave credit where credit was due. I am sure I have fallen short of this ideal. My thanks go also to Rajeev Koodli, Rayadurgam Ravikanth, and Senthil Sengodan, with whom I had the pleasure to collaborate while at NRC Boston.

I thank Reijo Juvonen and Professor Antti Ylä-Jääski, who invited me to lead Hannu Flinck's research team at the Communication Systems Laboratory in NRC Helsinki when Hannu left for California. Thank you Hannu for assembling such a fine team! Thank you also for your collaboration ever since you came back from Mountain View; it has been quite a ride. Thanks also to all my team members, many of whom I have had the privilege to work with ever since: Dan Forsberg, Mikael Latvala, Jaakko Lipasti, Janne Mäntylä, Heikki Ollikainen, Harri Paloheimo, Petteri Pöyhönen, Siiri Räihä, Ove Strandberg, Haitao Tang, Dirk Trossen, Lucia Tudose, Janne Tuononen, Petri Velin, Preetida Vinayakray-Jani, and Heikki Waris. I wish the best that life has to offer to all of you.

I wish to extend thanks to my colleagues in the EU research projects, namely Ambient Networks and PSIRP, and especially to my coauthors on the resulting publications, some of which are included in this dissertation: thank you Bengt Ahlgren, Jari Arkko, Lars Eggert, Pekka Nikander, Börje Ohlman, Janne Riihijärvi, Mikko Särelä, Sasu Tarkoma, and Kari Visala.

I thank Professor Antti Ylä-Jääski for accepting my application for doctoral studies and Aalto University for offering interesting courses on which I could refresh my skills in networking research. Thanks to Pekka Nikander's Future Internetworking seminar I plunged into much of the background necessary for this work. It is my pleasure to thank Professors Esa Saarinen and Raimo P. Hämäläinen for their intensive seminar on creative problem solving. You really pushed us to dive deeper into some difficult texts. This seminar also resulted in my first publication outside of networking. (1) As a result of this experience I do recommend that anyone who still has a chance participate in Esa's annual spring lecture series on philosophy and systems thinking.

I greatly enjoyed discussions with my colleague Kalevi Kilkki, whom I had the pleasure to meet at NRC Boston for the first time. Kalevi, you have been an example of a writer's work ethic to me. Thank you also for reading the draft of this manuscript before pre-examination.

Thanks to TEKES for the funding through the ICT SHOK Future Internet program, and to Professor Martti Mäntylä and Professor Scott Shenker for offering me the opportunity to visit the International Computer Science Institute in Berkeley. This visit would not have been possible without generous support from my employer, Nokia Siemens Networks. Thanks go to my superiors Jari Lehmusvuori, Kari Aaltonen, and Lauri Oksanen, who also approved the time off for my doctoral studies. The year in Berkeley would have amounted to nothing without fruitful collaboration with other researchers: thank you Ali Ghodsi, Teemu Koponen, and Pasi Sarolahti. I am grateful for the way Professor Shenker included me in his research team and for the guidance he provided on my research. Scott, your professional, candid, no-nonsense attitude made a truly lasting impression on me.

I am grateful to Professor Antti Ylä-Jääski for the researcher's chamber at Aalto University for the last months of last year. I do not believe it would have been possible to write this dissertation in my regular work environment. I thank Professor Antti Ylä-Jääski for leading the dissertation process, Professor Sasu Tarkoma for guidance in thesis writing, and Edward Bonney for checking my English. I thank Docent Mika Ylianttila and Associate Professor Peter Sjödin for serving as pre-examiners for this work. I am deeply honored by Professor Lixin Gao's acceptance to serve as my opponent. I hope you find my defense a worthwhile end to your stay in Helsinki during the week of SIGCOMM.

Most of all, I express my greatest gratitude to my parents Vesa and Lea, who provided me with the freedom to follow my interests, to my dear wife Maarit, who has put up with me during all these years, and to our lovely daughters Kaisa, Iida, and Oona, who had to endure moving house maybe

(1) David Bohm's Thought as a System and Systems Intelligence. In Systems intelligence: A new lens on human engagement and action, eds. Raimo P. Hämäläinen and Esa Saarinen, pp. Espoo: Helsinki University of Technology, Systems Analysis Laboratory.

Author's Contribution

Publication I: A Node Identity Internetworking Architecture
The architecture presented in this paper was a team effort in the internetworking work package of Ambient Networks, an EU Framework Program 6 integrated project [1]. Thus, the authors of the paper are listed in alphabetical order. The author of this dissertation contributed especially to the core networking aspects and to the model for communication between multiple cores.

Publication II: Incentive-Compatible Caching and Peering in Data-Oriented Networks
The author of this dissertation proposed to apply inter-domain incentives, inferred from the available Internet domain-level topology data, to the content-oriented networking paradigm. The paper was designed and written with the coauthors in the PSIRP project [2].

Publication III: Incentive-Informed Inter-Domain Multicast
This work was done while on a research visit to the International Computer Science Institute (ICSI), Berkeley, CA, and benefited from guidance by Professor Scott Shenker.

Publication IV: On Name-Based Inter-Domain Routing
The author of this dissertation first invented the network design presented in the paper, then collaborated with coauthors on devising the experimental design to evaluate the architecture. Preparation of the initial paper submission was very much a team effort, but in later phases the author of this dissertation reimplemented the model, generated new experimental results, and refined most of the text for the final submission, also adding new material.

Publication V: Naming in Content-Oriented Architectures
The author of this dissertation developed the Denial-of-Service argumentation presented in this paper, via a presentation given to the Berkeley networking group before the writing process started. The authors are listed in alphabetical order.

1. Introduction

"What is essential here is the presence of the spirit of dialogue, which is, in short, the ability to hold many points of view in suspension, along with a primary interest in the creation of common meaning." (David Bohm and David Peat, Science, Order and Creativity [32, p. 247])

Network architecture has traditionally been considered an exercise in distributed system design: an exercise in the optimal distribution of functionality in a network topology. Apart from the requirement to meet the functional design criteria, the aspects of feasibility and especially scalability have been the main objectives in networking designs. Experience has shown, however, that designs meeting all these objectives have still faced significant, and many times insurmountable, deployment challenges (see, e.g., [121, 72, 202]). In this research, we look at the deployment problem from the viewpoint of the network owners, in the spirit of David Clark: "Why should I invest, so that someone else might benefit?" (2) Since the Internet consists of interconnected, but independently owned and operated, autonomous systems, it is evident that common agreement by the network owners is needed for any sweeping updates affecting all the network domains. There are two principal options to overcome this hurdle: firstly, make sure that the changes are obviously beneficial to all network domains, or, secondly, re-engineer the design so that only the parties benefiting from the changes need to participate.

In this dissertation, we first lay out some of the major challenges facing the Internet, emphasizing the voluntary inter-domain structure of the network. We present networking solutions designed to tackle these problems, using a method for network architecture evaluation based on the analysis of inter-domain traffic incentives. Two examples of applying this method to network architecture design are presented (Publications IV and III). Publication II looks expressly at the economic implications of one possible new internetworking architecture (content-oriented networking), while Publications I and V focus on the foundational aspects underlying such architectures: the inter-domain routing structure and cryptographically derived naming, enabling content-based security without relying on specific network topologies.

(2) Originally presented relating to the lack of QoS deployment in the Internet.

1.1 Research Setting

The research presented in this dissertation originated in collaborative research projects set up to advance the art of networking architecture research [1, 2, 133]. In the following, we briefly summarize the origins, methodology, and main research questions of the included publications.

The Dynamic Internetworking Architecture team of the Ambient Networks project [1, 33] was tasked to investigate the current state of internetworking research (see Chapters 3 and 4) and to design an evolutionary network architecture to overcome the challenges posed by, e.g., address space exhaustion [115], overlapping address spaces [189], the associated loss of transparency [40, 55], and increasing multihoming and mobility among both hosts and networks [187]. The resulting architecture is presented in Publication I, and forms the basis for our understanding that the hardest problems in internetworking relate both to the enormous scale of the global network and to the locally determined traffic policies of the participating network domains.

The PSIRP project [2] took a unique approach to the internetworking problem by applying the publish/subscribe pattern [80] to the network at all layers (e.g., link, network, transport, application). In Publication II we assess the generic content caching incentives for domains in different positions within the Internet topology, and the corresponding inter-domain policy impacts of the proposed pub/sub networking paradigm, by presenting networking scenarios where such new policies would be beneficial to the participants in the inter-domain networking exchange. (3)

The pub/sub networking model critically depends on a scalable name-based inter-domain routing solution for it to be globally applicable. We took on this challenge in the PSIRP project, synthesizing a new architecture for inter-domain rendezvous. The challenges posed by the deployment of the new architecture were soon realized to have a deep impact on the architecture; here we took a conscious departure from the clean-slate research model on which the project as a whole was based. Having satisfied our deployability objectives, we developed a network model to validate the performance of the design. Again, aiming to stay true to our understanding of architecture deployment, we built our network model on the supremacy of the domain-specific packet-level incentives [96, 98, 195]. This work is reported in Publication IV.

Applying similar domain-level modeling, we also validated our understanding that non-consideration of inter-domain traffic incentives might be one of the primary reasons for the low, or non-existent, deployment of inter-domain multicast service [65, 72, 11]. To this end, we simulated an alternative protocol design that gives network operators a choice on each offered multicast stream, allowing them to offer service only when it is locally beneficial. The results, compared against the performance of traditional IP multicast [63], are reported in Publication III.

Finally, while visiting the International Computer Science Institute and the UC Berkeley networking group, we developed new argumentation for the use of self-certified names [103, 144, 203] in content-oriented networking [132]. This work resulted in Publication V, which was selected as the best paper in the workshop. (4) The significance of this work may be easier to see when it is realized that the security we have in the current Internet partially derives from the tie-in of the addressing model and the network topology [75, 12, 107, 158]. When this relationship is lost, as is the case in the content-oriented networking model, the explicit security provided by the protocols and the user-level trust practices [53] become even more important than they are today.

(3) Our findings have later been validated by others; see, e.g., [69].
(4) The best paper status was shared between two submissions, the other being [161].

1.2 Contributions

The main contributions of this thesis are:

- Proposing the use of cryptographically identified network nodes as the principal routable entities in an internetworking architecture consisting of independent locator domains (Publication I).
- Establishing the existence of new inter-domain traffic exchange policies in content-oriented network designs (Publication II).
- Demonstrating the impact of deployment considerations and inter-domain incentives on new architecture design (Publication IV) and on the redesign of an existing service (Publication III).
- Understanding the different roles of autonomous systems (as enterprises and as network service providers) and distributing the network functionality accordingly, which leads to the rejection of universal overlay models and the adoption of a heterogeneous network design (Publication IV).
- Developing a comprehensive domain-level model for evaluating new internetworking architectures, taking into account the traffic-level incentives of the autonomous systems comprising the Internet (used in Publications IV and III).
- New argumentation for the system-wide benefits of self-certified naming in content-oriented architectures. Separating the concerns of the end-user (e.g., establishment of trust) and of the network (e.g., availability) enables the user-level trust mechanisms (e.g., web-of-trust [18]) to evolve independently of the content-oriented network design deployed within the network. Self-certified names are relied on in the designs presented in Publications I and IV, while the argumentation is presented in Publication V.

The research reported in this dissertation has been published in five original publications that are referred to as Publications I, II, III, IV, and V. The specific contributions of the original publications are as follows.

Publication I
This paper proposes the use of locator domains and cryptographically identified nodes as the basis of the inter-domain networking architecture. This allows unique identification of the networking nodes regardless of their current point of network attachment. This aspect is similar to what is attainable with Mobile IP [162], but without linking the node identity to a network address at all. Since inter-domain routing is also performed on cryptographically generated, topology-independent identifiers, it is possible to use different internetworking technologies in each domain. This aspect is also the cornerstone of a contemporary proposal for making the Internet architecture evolvable [133, 100]. The proposed routing solution recognizes the existence of a network core, formed by the biggest Internet service providers. Edge networks form topologies (such as trees) that attach to some of the core network domains. The assumption of a more or less stable core avoids the need for a globally synchronized routing protocol, as node reachability in the edge topologies can be resolved independently of all the other edge regions [210]. Within the core, routing is based on an overlay formed by the node identity routers connected to the core. To send packets to any destination node, source nodes need to specify through which node identity router the destination is to be reached. Sources get this information from a name resolution system, to which all nodes register when they attach to the network.

Publication II
In this paper we establish the existence of new inter-domain traffic policies when a content-oriented networking approach is adopted. In a content-oriented design, the network interactions involve publications or files. Network users express interest in specific files, which the network then tries to deliver. Each file can be delivered from any node where the file may reside. We find that if a file, originally obtained via paid transit links, can be found in a cache in a peering domain, it might be beneficial to serve the file from that cache, even though such transit traffic would otherwise be unavailable via a peering link (adhering to the prevalent peering policies in use today).

Publication III
This paper investigates an incentive-informed IP multicast design, where domains refrain from providing service when that would be against their locally determined, economically driven traffic policies. We find that, depending on the group size and the peering policies, our alternative design could provide up to 95% of the inter-domain redundancy elimination benefits available with the optimal IP multicast model. Moreover, we also find that if Tier-1 network providers offered multicast as a service, the overall efficiency could be even better than with the optimal IP multicast model. The profitability of such a service depends on the nature of the peering relationships between these domains. Consequently, our evaluation is done under three different peering policy assumptions, and also on an alternative network topology, on which a denser peering pattern is assumed. We find that the results vary significantly depending on the peering policy assumption, while denser peering has little effect.

Publication IV
This journal paper presents a name-based inter-domain routing architecture developed in the PSIRP project [2]. The design is built on the realization of the different roles of the Internet domains (service providers vs. enterprises), and adopts a hybrid design where edge topologies form independent rendezvous networks, which are then interconnected using a hierarchical overlay design [95]. Rendezvous networks use internal content-oriented routing, as in DONA [132], making all data internally reachable within the rendezvous network. The virtual hierarchical overlay allows for different deployment strategies in the different parts of the network and does not critically depend on any specific networks. In addition to the assumed globally shared interconnection overlay, the rendezvous networks are free to participate in other interconnection overlays. The global scalability challenge is tackled with a two-tier naming model: all data is referenced with a pair of identifiers, the first naming the scope that the data is associated with, the second naming the data itself. Requests can then be forwarded using deepest match lookup (see Publication V), where the data identifier is matched first, and only if no match is found is the scope identifier matched next. Since all scope identifiers are present in the interconnection overlay, the system will find a path if one exists. The design is thoroughly modeled in an inferred Internet topology. As results we have reported inter-domain path stretch and additional latency figures for the initial rendezvous messaging. The underlying routing model is policy-compliant in that it emulates the typical policies configured for inter-domain routing.

Publication V
In this paper we present new argumentation for the use of self-certified naming in content-oriented network architectures. Self-certification allows for a clean separation between end-user-level trust establishment and the network's need to make sure that only the rightful owners of the names get to assert status and availability changes on the content thus named. We also generalize our earlier two-level naming structure as explicit aggregation. Instead of building hierarchy into a name, aggregation can be expressed explicitly by prepending the content name with one or more names of aggregates. Routing is then performed using deepest match lookup instead of the traditional longest-prefix match: at each hop, the content name is checked first, followed by matching for each aggregate as needed, progressing from the most specific to the most inclusive identifier, effectively finding the most specific next hop available for the content thus referenced.

1.3 Structure of the Thesis

The rest of this dissertation is structured as follows. Chapter 2 introduces the role of local incentives in the inter-domain structure of the Internet. Chapter 3 summarizes the major challenges facing the Internet architecture, with emphasis on deployment issues. Chapter 4 provides the necessary technical background on inter-domain routing and content-oriented networking. Chapter 5 introduces the inter-domain incentive-based modeling approach we have used in the research included in this dissertation. Chapter 6 briefly summarizes the key content of the original publications, including the use of the incentive-based model in practical networking problems. Chapter 7 gives the conclusion of the dissertation. The five original publications which describe the research presented in this dissertation are included at the end. We have included these papers in the numbered references [7, 169, 167, 170, 101], but refer to them as Publications I to V, respectively, in this dissertation.
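The deepest match lookup over explicitly aggregated, self-certified names described for Publications IV and V above, as an added example that is not code from the dissertation or from the PSIRP project. It also shows the key-to-name check a node can make before accepting a status change for a name, and a longest-prefix lookup for contrast; the identifier format (a truncated SHA-256 of the owner's public key), the table layout, the next-hop labels and the sample keys are all assumptions made for this example.

```python
"""Deepest-match forwarding over explicitly aggregated, self-certified names.

Added illustration: identifier format, table layout and sample keys are
assumptions made for this example, not the PSIRP/DONA design itself.
"""
import hashlib
from typing import Dict, Optional, Tuple

# A name is a tuple of identifiers ordered from the most inclusive aggregate
# (e.g. a scope) to the content identifier itself: (scope, sub_scope, data).
Name = Tuple[str, ...]
NextHop = str


def self_certified_id(public_key: bytes, bits: int = 128) -> str:
    """Derive an identifier from the owner's public key.

    Assumed format for the example: the leading `bits` of SHA-256(key), hex.
    Because the name is bound to the key, whoever holds the key can later
    prove ownership without relying on a trusted mapping service.
    """
    return hashlib.sha256(public_key).hexdigest()[: bits // 4]


def key_matches_id(identifier: str, public_key: bytes) -> bool:
    """Check the key-to-name binding before accepting a status or availability
    change for `identifier` (the signature over the update itself is a
    separate step, omitted here)."""
    return self_certified_id(public_key, len(identifier) * 4) == identifier


class DeepestMatchTable:
    """Forwarding state keyed by single identifiers, not by name prefixes."""

    def __init__(self) -> None:
        self._next_hop: Dict[str, NextHop] = {}

    def add(self, identifier: str, next_hop: NextHop) -> None:
        self._next_hop[identifier] = next_hop

    def lookup(self, name: Name) -> Optional[Tuple[int, NextHop]]:
        """Deepest match: content id first, then each aggregate from the most
        specific to the most inclusive.  Returns (depth, next hop)."""
        for depth in range(len(name) - 1, -1, -1):
            hop = self._next_hop.get(name[depth])
            if hop is not None:
                return depth, hop
        return None  # not even the outermost scope is known at this node


def longest_prefix_match(table: Dict[Name, NextHop],
                         name: Name) -> Optional[Tuple[int, NextHop]]:
    """Conventional hierarchical lookup, for contrast: the name is treated as
    a path and the longest known prefix of it wins."""
    for length in range(len(name), 0, -1):
        hop = table.get(name[:length])
        if hop is not None:
            return length, hop
    return None


def demo() -> Dict[str, Optional[Tuple[int, NextHop]]]:
    """Run the lookups on constructed sample names (the keys are made up)."""
    scope = self_certified_id(b"constructed key of the scope owner")
    sub_scope = self_certified_id(b"constructed key of the sub-scope owner")
    data = self_certified_id(b"constructed key of the publisher")
    name: Name = (scope, sub_scope, data)

    # An edge node holding a cached copy: it knows the data id and, like
    # every node, how to reach the interconnection overlay for the scope.
    cache_node = DeepestMatchTable()
    cache_node.add(scope, "interconnection-overlay")
    cache_node.add(data, "local-cache")

    # A node with no copy: only the scope is known, via the shared overlay.
    plain_node = DeepestMatchTable()
    plain_node.add(scope, "interconnection-overlay")

    # Prefix-based table for the same cache: the data id alone is not a
    # prefix of the full name, so a hierarchical lookup cannot use the copy.
    prefix_table: Dict[Name, NextHop] = {(data,): "local-cache"}

    return {
        "cache_hit": cache_node.lookup(name),
        "scope_fallback": plain_node.lookup(name),
        "unknown_scope": plain_node.lookup((self_certified_id(b"other"),)),
        "prefix_misses_cache": longest_prefix_match(prefix_table, name),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The cache hit is found at depth 2 (the content id) even though the node holds no state for the sub-scope, while the prefix lookup over the same cached copy misses entirely.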


2. Local Incentives and Inter-Domain Structure

"The art of economics consists in looking not merely at the immediate but at the longer effects of any act or policy; it consists in tracing the consequences of that policy not merely for one group but for all groups." (Henry Hazlitt, Economics in One Lesson [110, p. 5])

Not since January 1st, 1983, when ARPANET switched to the TCP/IP protocol stack [138], has the Internet been under one, centralized management [34]. Instead, the Internet is formed by interconnected, separately owned and managed networks, welded together by an internetworking protocol layer. In the context of Internet routing protocols, the networks forming the Internet are called autonomous systems (ASes). In this dissertation, the unqualified term domain (5) refers to the same. Hence, the mechanisms, or protocols, that allow such domains to interconnect and interoperate can be termed inter-domain protocols, of which the current inter-domain routing protocol, BGPv4 [175], is the prime example. Within the routing protocols, an autonomous system is referred to by its officially assigned AS number (ASN). (6)

The TCP/IP protocols were not originally designed for commercial service, but rather for the needs of connecting to computing resources between research organizations [60]. The Internet started to transition to commercial service when the National Science Foundation networking program (NSFNET) encouraged the academic institutions it served to seek non-academic customers on the regional level. NSFNET prohibited, however, any commercial use of its federally funded backbone, thus stimulating the emergence of the first commercial long-haul interconnection networks

(5) Not to be mixed up with domain names such as example.org, which may or may not correspond to an autonomous system.
(6) See Table 2.1 on page 12 for some prominent examples.
